Re: [Full-Disclosure] SHOUTcast Server 1.8.x remote heap overrun exploit binary version

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] SHOUTcast Server 1.8.x remote heap overrun exploit binary version
From: "airsupply@freebsdchina.org" <airsupply@freebsdchina.org>
Date: Tue, 24 Feb 2004 14:19:22 -0800

Alexander wrote:

http://www.securitylab.ru/42976.html (in russian!)

shoutdown.01.tar.gz: SHOUTcast 1.9.2 remote heap overrun exploit. Binds
rootshell on port 26112.

Note: this is binary version. Compiled on Linux/x86 with gcc3.2. Source code
wont be distributed.

Autor: ŠD4rkGr3y of m00 Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

our exp source code at http://www.0x557.org/release/shoutexp.py

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] SHOUTcast Server 1.8.x remote heap overrun exploit binary version
  - From: -={|TooManyMirrors|}=- <jalley@toomanymirrors.homelinux.com>

References:
- [Full-Disclosure] SHOUTcast Server 1.8.x remote heap overrun exploit binary version
  - From: "Alexander" <pk95@yandex.ru>